@aws-sdk/client-grafana 3.276.0 → 3.278.0

package/dist-types/models/models_0.d.ts

@@ -52,7 +52,8 @@ export interface CreateWorkspaceApiKeyRequest {
      */
     keyRole: string | undefined;
     /**
-     * <p>Specifies the time in seconds until the key expires. Keys can be valid for up to 30 days.</p>
+     * <p>Specifies the time in seconds until the key expires. Keys can be valid for up to 30
+     *             days.</p>
      */
     secondsToLive: number | undefined;
     /**
@@ -66,8 +67,8 @@ export interface CreateWorkspaceApiKeyResponse {
      */
     keyName: string | undefined;
     /**
-     * <p>The key token. Use this value as a bearer token to
-     *             authenticate HTTP requests to the workspace.</p>
+     * <p>The key token. Use this value as a bearer token to authenticate HTTP requests to the
+     *             workspace.</p>
      */
     key: string | undefined;
     /**
@@ -162,7 +163,8 @@ export declare class ThrottlingException extends __BaseException {
     constructor(opts: __ExceptionOptionType<ThrottlingException, __BaseException>);
 }
 /**
- * <p>A structure that contains information about a request parameter that caused an error.</p>
+ * <p>A structure that contains information about a request parameter that caused an
+ *             error.</p>
  */
 export interface ValidationExceptionField {
     /**
@@ -220,24 +222,28 @@ export interface DeleteWorkspaceApiKeyResponse {
     workspaceId: string | undefined;
 }
 /**
- * <p>A structure that defines which attributes in the IdP assertion are to be used to define
- *          information about the users authenticated by the IdP to use the workspace.</p>
+ * <p>A structure that defines which attributes in the IdP assertion are to be used to
+ *             define information about the users authenticated by the IdP to use the workspace.</p>
  */
 export interface AssertionAttributes {
     /**
-     * <p>The name of the attribute within the SAML assertion to use as the user full "friendly" names for SAML users.</p>
+     * <p>The name of the attribute within the SAML assertion to use as the user full "friendly"
+     *             names for SAML users.</p>
      */
     name?: string;
     /**
-     * <p>The name of the attribute within the SAML assertion to use as the login names for SAML users.</p>
+     * <p>The name of the attribute within the SAML assertion to use as the login names for SAML
+     *             users.</p>
      */
     login?: string;
     /**
-     * <p>The name of the attribute within the SAML assertion to use as the email names for SAML users.</p>
+     * <p>The name of the attribute within the SAML assertion to use as the email names for SAML
+     *             users.</p>
      */
     email?: string;
     /**
-     * <p>The name of the attribute within the SAML assertion to use as the user full "friendly" names for user groups.</p>
+     * <p>The name of the attribute within the SAML assertion to use as the user full "friendly"
+     *             names for user groups.</p>
      */
     groups?: string;
     /**
@@ -245,7 +251,8 @@ export interface AssertionAttributes {
      */
     role?: string;
     /**
-     * <p>The name of the attribute within the SAML assertion to use as the user full "friendly" names for the users' organizations.</p>
+     * <p>The name of the attribute within the SAML assertion to use as the user full "friendly"
+     *             names for the users' organizations.</p>
      */
     org?: string;
 }
@@ -296,12 +303,13 @@ export declare enum SamlConfigurationStatus {
  */
 export interface AuthenticationSummary {
     /**
-     * <p>Specifies whether the workspace uses SAML, IAM Identity Center, or both methods for user
-     *             authentication.</p>
+     * <p>Specifies whether the workspace uses SAML, IAM Identity Center, or both methods for
+     *             user authentication.</p>
      */
     providers: (AuthenticationProviderTypes | string)[] | undefined;
     /**
-     * <p>Specifies whether the workplace's user authentication method is fully configured.</p>
+     * <p>Specifies whether the workplace's user authentication method is fully
+     *             configured.</p>
      */
     samlConfigurationStatus?: SamlConfigurationStatus | string;
 }
@@ -368,18 +376,18 @@ export interface NetworkAccessConfiguration {
     /**
      * <p>An array of Amazon VPC endpoint IDs for the workspace. You can create VPC
      *             endpoints to your Amazon Managed Grafana workspace for access from within a VPC. If a
-     *             <code>NetworkAccessConfiguration</code> is specified then only VPC endpoints
+     *                 <code>NetworkAccessConfiguration</code> is specified then only VPC endpoints
      *             specified here will be allowed to access the workspace.</p>
-     *          <p>VPC endpoint IDs have the format <code>vpce-<i>1a2b3c4d</i>
+     *          <p>VPC endpoint IDs have the format
+     *             <code>vpce-<i>1a2b3c4d</i>
      *             </code>.</p>
-     *          <p>For more information about creating an interface VPC endpoint, see
-     *             <a href="https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints">Interface VPC endpoints</a> in the <i>Amazon Managed Grafana
-     *                 User Guide</i>.</p>
+     *          <p>For more information about creating an interface VPC endpoint, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints">Interface VPC
+     *                 endpoints</a> in the <i>Amazon Managed Grafana User
+     *             Guide</i>.</p>
      *          <note>
      *             <p>The only VPC endpoints that can be specified here are interface VPC endpoints for
-     *                 Grafana workspaces (using the
-     *                 <code>com.amazonaws.[region].grafana-workspace</code> service endpoint). Other VPC
-     *                 endpoints will be ignored.</p>
+     *                 Grafana workspaces (using the <code>com.amazonaws.[region].grafana-workspace</code>
+     *                 service endpoint). Other VPC endpoints will be ignored.</p>
      *          </note>
      */
     vpceIds: string[] | undefined;
@@ -447,11 +455,11 @@ export declare enum WorkspaceStatus {
     UPGRADING = "UPGRADING"
 }
 /**
- * <p>The configuration settings for an Amazon VPC that contains data sources
- *             for your Grafana workspace to connect to.</p>
+ * <p>The configuration settings for an Amazon VPC that contains data sources for
+ *             your Grafana workspace to connect to.</p>
  *          <note>
- *             <p>Provided <code>securityGroupIds</code> and <code>subnetIds</code>
- *             must be part of the same VPC.</p>
+ *             <p>Provided <code>securityGroupIds</code> and <code>subnetIds</code> must be part of
+ *                 the same VPC.</p>
  *          </note>
  */
 export interface VpcConfiguration {
@@ -461,20 +469,22 @@ export interface VpcConfiguration {
      */
     securityGroupIds: string[] | undefined;
     /**
-     * <p>The list of Amazon EC2 subnet IDs created in the Amazon VPC for
-     *             your Grafana workspace to connect. Duplicates not allowed.</p>
+     * <p>The list of Amazon EC2 subnet IDs created in the Amazon VPC for your
+     *             Grafana workspace to connect. Duplicates not allowed.</p>
      */
     subnetIds: string[] | undefined;
 }
 /**
- * <p>A structure containing information about an Amazon Managed Grafana workspace in your account.</p>
+ * <p>A structure containing information about an Amazon Managed Grafana workspace in your
+ *             account.</p>
  */
 export interface WorkspaceDescription {
     /**
-     * <p>Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in
-     *             other accounts in the same organization. If this is <code>ORGANIZATION</code>, the
-     *             <code>workspaceOrganizationalUnits</code> parameter specifies which organizational units
-     *             the workspace can access.</p>
+     * <p>Specifies whether the workspace can access Amazon Web Services resources in this
+     *                 Amazon Web Services account only, or whether it can also access Amazon Web Services
+     *             resources in other accounts in the same organization. If this is
+     *                 <code>ORGANIZATION</code>, the <code>workspaceOrganizationalUnits</code> parameter
+     *             specifies which organizational units the workspace can access.</p>
      */
     accountAccessType?: AccountAccessType | string;
     /**
@@ -482,9 +492,11 @@ export interface WorkspaceDescription {
      */
     created: Date | undefined;
     /**
-     * <p>Specifies the Amazon Web Services data sources that have been configured to have IAM
-     *             roles and permissions created to allow
-     *             Amazon Managed Grafana to read data from these sources.</p>
+     * <p>Specifies the Amazon Web Services data sources that have been configured to have
+     *                 IAM roles and permissions created to allow Amazon Managed Grafana to read
+     *             data from these sources.</p>
+     *          <p>This list is only used when the workspace was created through the Amazon Web Services
+     *             console, and the <code>permissionType</code> is <code>SERVICE_MANAGED</code>.</p>
      */
     dataSources: (DataSourceType | string)[] | undefined;
     /**
@@ -512,13 +524,14 @@ export interface WorkspaceDescription {
      */
     name?: string;
     /**
-     * <p>The name of the IAM role that is used to access resources through Organizations.</p>
+     * <p>The name of the IAM role that is used to access resources through
+     *                 Organizations.</p>
      */
     organizationRoleName?: string;
     /**
-     * <p>The Amazon Web Services notification channels that Amazon Managed Grafana can automatically create IAM
-     *             roles and permissions for, to allow
-     *             Amazon Managed Grafana to use these channels.</p>
+     * <p>The Amazon Web Services notification channels that Amazon Managed Grafana can automatically
+     *             create IAM roles and permissions for, to allow Amazon Managed Grafana to use
+     *             these channels.</p>
      */
     notificationDestinations?: (NotificationDestinationType | string)[];
     /**
@@ -527,21 +540,27 @@ export interface WorkspaceDescription {
      */
     organizationalUnits?: string[];
     /**
-     * <p>If this is <code>SERVICE_MANAGED</code>, Amazon Managed Grafana automatically creates the IAM roles
-     *             and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.</p>
-     *          <p>If this is <code>CUSTOMER_MANAGED</code>, you manage those roles and permissions
-     *             yourself. If you are creating this workspace in a member account of an organization and that account is not a
-     *             delegated administrator account, and
-     *             you want the workspace to access data sources in other Amazon Web Services accounts in the
-     *             organization, you must choose <code>CUSTOMER_MANAGED</code>.</p>
-     *          <p>For more information, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html">Amazon Managed Grafana permissions and policies for
-     *             Amazon Web Services data sources and notification channels</a>
+     * <p>If this is <code>SERVICE_MANAGED</code>, and the workplace was created through the
+     *             Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the
+     *             IAM roles and provisions the permissions that the workspace needs to
+     *             use Amazon Web Services data sources and notification channels.</p>
+     *          <p>If this is <code>CUSTOMER_MANAGED</code>, you must manage those roles and permissions
+     *             yourself.</p>
+     *          <p>If you are working with a workspace in a member account of an organization and
+     *             that account is not a delegated administrator account, and you want the workspace to
+     *             access data sources in other Amazon Web Services accounts in the organization, this
+     *             parameter must be set to <code>CUSTOMER_MANAGED</code>.</p>
+     *          <p>For more information about converting between customer and service managed, see
+     *             <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html">Managing permissions for data sources and notification channels</a>. For more
+     *             information about the roles and permissions that must be managed for customer managed
+     *             workspaces, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html">Amazon Managed Grafana
+     *             permissions and policies for Amazon Web Services data sources and notification
+     *             channels</a>
      *          </p>
      */
     permissionType?: PermissionType | string;
     /**
-     * <p>The name of the CloudFormation stack set that is used to generate IAM roles
-     *             to be used for this workspace.</p>
+     * <p>The name of the CloudFormation stack set that is used to generate IAM roles to be used for this workspace.</p>
      */
     stackSetName?: string;
     /**
@@ -549,31 +568,33 @@ export interface WorkspaceDescription {
      */
     status: WorkspaceStatus | string | undefined;
     /**
-     * <p>The IAM role that grants permissions to the Amazon Web Services resources that the
-     *             workspace will view data from. This role must already exist.</p>
+     * <p>The IAM role that grants permissions to the Amazon Web Services
+     *             resources that the workspace will view data from. This role must already exist.</p>
      */
     workspaceRoleArn?: string;
     /**
-     * <p>Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.</p>
+     * <p>Specifies whether this workspace has a full Grafana Enterprise license or a free trial
+     *             license.</p>
      */
     licenseType?: LicenseType | string;
     /**
-     * <p>Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.</p>
+     * <p>Specifies whether this workspace has already fully used its free trial for Grafana
+     *             Enterprise.</p>
      */
     freeTrialConsumed?: boolean;
     /**
-     * <p>If this workspace has a full Grafana Enterprise license, this specifies when the license ends and
-     *             will need to be renewed.</p>
+     * <p>If this workspace has a full Grafana Enterprise license, this specifies when the
+     *             license ends and will need to be renewed.</p>
      */
     licenseExpiration?: Date;
     /**
-     * <p>If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies
-     *             when that free trial ends.</p>
+     * <p>If this workspace is currently in the free trial period for Grafana Enterprise, this
+     *             value specifies when that free trial ends.</p>
      */
     freeTrialExpiration?: Date;
     /**
-     * <p>A structure that describes whether the workspace uses SAML, IAM Identity Center, or both methods
-     *             for user authentication.</p>
+     * <p>A structure that describes whether the workspace uses SAML, IAM Identity Center, or
+     *             both methods for user authentication.</p>
      */
     authentication: AuthenticationSummary | undefined;
     /**
@@ -581,8 +602,7 @@ export interface WorkspaceDescription {
      */
     tags?: Record<string, string>;
     /**
-     * <p>The configuration for connecting to data sources in a private VPC
-     *             (Amazon Virtual Private Cloud).</p>
+     * <p>The configuration for connecting to data sources in a private VPC (Amazon Virtual Private Cloud).</p>
      */
     vpcConfiguration?: VpcConfiguration;
     /**
@@ -603,8 +623,7 @@ export interface DescribeWorkspaceAuthenticationRequest {
     workspaceId: string | undefined;
 }
 /**
- * <p>A structure containing information about how this workspace works with
- *             IAM Identity Center. </p>
+ * <p>A structure containing information about how this workspace works with IAM Identity Center. </p>
  */
 export interface AwsSsoAuthentication {
     /**
@@ -614,9 +633,10 @@ export interface AwsSsoAuthentication {
 }
 /**
  * <p>A structure containing the identity provider (IdP) metadata used to integrate the
- *             identity provider with this workspace. You can specify the metadata either by providing a
- *             URL to its location in the <code>url</code> parameter, or by specifying the full metadata
- *             in XML format in the <code>xml</code> parameter. Specifying both will cause an error.</p>
+ *             identity provider with this workspace. You can specify the metadata either by providing
+ *             a URL to its location in the <code>url</code> parameter, or by specifying the full
+ *             metadata in XML format in the <code>xml</code> parameter. Specifying both will cause an
+ *             error.</p>
  */
 export declare type IdpMetadata = IdpMetadata.UrlMember | IdpMetadata.XmlMember | IdpMetadata.$UnknownMember;
 export declare namespace IdpMetadata {
@@ -649,27 +669,25 @@ export declare namespace IdpMetadata {
     const visit: <T>(value: IdpMetadata, visitor: Visitor<T>) => T;
 }
 /**
- * <p>This structure defines which groups defined in the SAML assertion attribute are to
- *            be mapped to the Grafana <code>Admin</code> and <code>Editor</code> roles in the
- *            workspace. SAML authenticated users not part of <code>Admin</code> or
- *            <code>Editor</code> role groups have <code>Viewer</code> permission over the
- *            workspace.</p>
+ * <p>This structure defines which groups defined in the SAML assertion attribute are to be
+ *             mapped to the Grafana <code>Admin</code> and <code>Editor</code> roles in the workspace.
+ *             SAML authenticated users not part of <code>Admin</code> or <code>Editor</code> role
+ *             groups have <code>Viewer</code> permission over the workspace.</p>
  */
 export interface RoleValues {
     /**
      * <p>A list of groups from the SAML assertion attribute to grant the Grafana
-     *             <code>Editor</code> role to.</p>
+     *                 <code>Editor</code> role to.</p>
      */
     editor?: string[];
     /**
      * <p>A list of groups from the SAML assertion attribute to grant the Grafana
-     *             <code>Admin</code> role to.</p>
+     *                 <code>Admin</code> role to.</p>
      */
     admin?: string[];
 }
 /**
- * <p>A structure containing information about how this workspace works with
- *             SAML. </p>
+ * <p>A structure containing information about how this workspace works with SAML. </p>
  */
 export interface SamlConfiguration {
     /**
@@ -678,8 +696,9 @@ export interface SamlConfiguration {
      */
     idpMetadata: IdpMetadata | undefined;
     /**
-     * <p>A structure that defines which attributes in the SAML assertion are to be used to define information about
-     *             the users authenticated by that IdP to use the workspace.</p>
+     * <p>A structure that defines which attributes in the SAML assertion are to be used to
+     *             define information about the users authenticated by that IdP to use the
+     *             workspace.</p>
      */
     assertionAttributes?: AssertionAttributes;
     /**
@@ -688,8 +707,8 @@ export interface SamlConfiguration {
      */
     roleValues?: RoleValues;
     /**
-     * <p>Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace.
-     *             If this is empty, all organizations in the assertion attribute have access.</p>
+     * <p>Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute
+     *             have access.</p>
      */
     allowedOrganizations?: string[];
     /**
@@ -699,8 +718,7 @@ export interface SamlConfiguration {
     loginValidityDuration?: number;
 }
 /**
- * <p>A structure containing information about how this workspace works with
- *          SAML. </p>
+ * <p>A structure containing information about how this workspace works with SAML. </p>
  */
 export interface SamlAuthentication {
     /**
@@ -708,38 +726,36 @@ export interface SamlAuthentication {
      */
     status: SamlConfigurationStatus | string | undefined;
     /**
-     * <p>A structure containing details about how this workspace works with
-     *          SAML. </p>
+     * <p>A structure containing details about how this workspace works with SAML. </p>
      */
     configuration?: SamlConfiguration;
 }
 /**
- * <p>A structure containing information about the user authentication methods used by
- *             the workspace.</p>
+ * <p>A structure containing information about the user authentication methods used by the
+ *             workspace.</p>
  */
 export interface AuthenticationDescription {
     /**
-     * <p>Specifies whether this workspace uses IAM Identity Center, SAML, or both methods
-     *             to authenticate users to use the Grafana console in the Amazon Managed Grafana
+     * <p>Specifies whether this workspace uses IAM Identity Center, SAML, or both methods to
+     *             authenticate users to use the Grafana console in the Amazon Managed Grafana
      *             workspace.</p>
      */
     providers: (AuthenticationProviderTypes | string)[] | undefined;
     /**
-     * <p>A structure containing information about how this workspace works with
-     *             SAML, including what attributes within the assertion are to be mapped to
-     *             user information in the workspace. </p>
+     * <p>A structure containing information about how this workspace works with SAML, including
+     *             what attributes within the assertion are to be mapped to user information in the
+     *             workspace. </p>
      */
     saml?: SamlAuthentication;
     /**
-     * <p>A structure containing information about how this workspace works with
-     *             IAM Identity Center. </p>
+     * <p>A structure containing information about how this workspace works with IAM Identity Center. </p>
      */
     awsSso?: AwsSsoAuthentication;
 }
 export interface DescribeWorkspaceAuthenticationResponse {
     /**
-     * <p>A structure containing information about the authentication methods used in
-     *             the workspace.</p>
+     * <p>A structure containing information about the authentication methods used in the
+     *             workspace.</p>
      */
     authentication: AuthenticationDescription | undefined;
 }
@@ -749,23 +765,23 @@ export interface UpdateWorkspaceAuthenticationRequest {
      */
     workspaceId: string | undefined;
     /**
-     * <p>Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to authenticate
-     *             users for using the Grafana console within a workspace. For more information,
-     *             see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html">User authentication in
-     *                 Amazon Managed Grafana</a>.</p>
+     * <p>Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to
+     *             authenticate users for using the Grafana console within a workspace. For more
+     *             information, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html">User authentication in
+     *                     Amazon Managed Grafana</a>.</p>
      */
     authenticationProviders: (AuthenticationProviderTypes | string)[] | undefined;
     /**
-     * <p>If the workspace uses SAML, use this structure to
-     *             map SAML assertion attributes to workspace user information and
-     *             define which groups in the assertion attribute are to have the <code>Admin</code> and <code>Editor</code> roles
-     *             in the workspace.</p>
+     * <p>If the workspace uses SAML, use this structure to map SAML assertion attributes to
+     *             workspace user information and define which groups in the assertion attribute are to
+     *             have the <code>Admin</code> and <code>Editor</code> roles in the workspace.</p>
      */
     samlConfiguration?: SamlConfiguration;
 }
 export interface UpdateWorkspaceAuthenticationResponse {
     /**
-     * <p>A structure that describes the user authentication for this workspace after the update is made.</p>
+     * <p>A structure that describes the user authentication for this workspace after the update
+     *             is made.</p>
      */
     authentication: AuthenticationDescription | undefined;
 }
@@ -778,14 +794,16 @@ export interface DescribeWorkspaceConfigurationRequest {
 export interface DescribeWorkspaceConfigurationResponse {
     /**
      * <p>The configuration string for the workspace that you requested. For more information
-     *             about the format and configuration options available, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html">Working in your Grafana workspace</a>.</p>
+     *             about the format and configuration options available, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html">Working in your Grafana
+     *                 workspace</a>.</p>
      */
     configuration: __LazyJsonString | string | undefined;
 }
 export interface UpdateWorkspaceConfigurationRequest {
     /**
-     * <p>The new configuration string for the workspace. For more information
-     *             about the format and configuration options available, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html">Working in your Grafana workspace</a>.</p>
+     * <p>The new configuration string for the workspace. For more information about the format
+     *             and configuration options available, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html">Working in your Grafana
+     *                 workspace</a>.</p>
      */
     configuration: __LazyJsonString | string | undefined;
     /**
@@ -839,14 +857,13 @@ export interface ListPermissionsRequest {
      */
     maxResults?: number;
     /**
-     * <p>The token to use when requesting the next set of results. You received this token from a previous
-     *             <code>ListPermissions</code> operation.</p>
+     * <p>The token to use when requesting the next set of results. You received this token from
+     *             a previous <code>ListPermissions</code> operation.</p>
      */
     nextToken?: string;
     /**
-     * <p>(Optional) If you specify <code>SSO_USER</code>, then only the permissions of IAM Identity Center users
-     *             are returned. If you specify <code>SSO_GROUP</code>, only the permissions of IAM Identity Center groups
-     *             are returned.</p>
+     * <p>(Optional) If you specify <code>SSO_USER</code>, then only the permissions of IAM Identity Center users are returned. If you specify <code>SSO_GROUP</code>, only the
+     *             permissions of IAM Identity Center groups are returned.</p>
      */
     userType?: UserType | string;
     /**
@@ -882,7 +899,8 @@ export declare enum Role {
 export interface User {
     /**
      * <p>The ID of the user or group.</p>
-     *          <p>Pattern: <code>^([0-9a-fA-F]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$</code>
+     *          <p>Pattern:
+     *                 <code>^([0-9a-fA-F]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$</code>
      *          </p>
      */
     id: string | undefined;
@@ -893,7 +911,7 @@ export interface User {
 }
 /**
  * <p>A structure containing the identity of one user or group and the <code>Admin</code>,
- *            <code>Editor</code>, or <code>Viewer</code> role that they have.</p>
+ *                 <code>Editor</code>, or <code>Viewer</code> role that they have.</p>
  */
 export interface PermissionEntry {
     /**
@@ -901,15 +919,15 @@ export interface PermissionEntry {
      */
     user: User | undefined;
     /**
-     * <p>Specifies whether the user or group has the <code>Admin</code>,
-     *            <code>Editor</code>, or <code>Viewer</code> role.</p>
+     * <p>Specifies whether the user or group has the <code>Admin</code>, <code>Editor</code>,
+     *             or <code>Viewer</code> role.</p>
      */
     role: Role | string | undefined;
 }
 export interface ListPermissionsResponse {
     /**
-     * <p>The token to use in a subsequent <code>ListPermissions</code> operation to return
-     *             the next set of results.</p>
+     * <p>The token to use in a subsequent <code>ListPermissions</code> operation to return the
+     *             next set of results.</p>
      */
     nextToken?: string;
     /**
@@ -928,8 +946,7 @@ export declare enum UpdateAction {
     REVOKE = "REVOKE"
 }
 /**
- * <p>Contains the instructions for one Grafana role permission update in a
- *             <a href="https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html">UpdatePermissions</a> operation.</p>
+ * <p>Contains the instructions for one Grafana role permission update in a <a href="https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html">UpdatePermissions</a> operation.</p>
  */
 export interface UpdateInstruction {
     /**
@@ -937,7 +954,8 @@ export interface UpdateInstruction {
      */
     action: UpdateAction | string | undefined;
     /**
-     * <p>The role to add or revoke for the user or the group specified in <code>users</code>.</p>
+     * <p>The role to add or revoke for the user or the group specified in
+     *             <code>users</code>.</p>
      */
     role: Role | string | undefined;
     /**
@@ -957,7 +975,7 @@ export interface UpdatePermissionsRequest {
 }
 /**
  * <p>A structure containing information about one error encountered while performing an
- *             <a href="https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html">UpdatePermissions</a> operation.</p>
+ *                 <a href="https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html">UpdatePermissions</a> operation.</p>
  */
 export interface UpdateError {
     /**
@@ -985,8 +1003,8 @@ export interface TagResourceRequest {
      */
     resourceArn: string | undefined;
     /**
-     * <p>The list of tag keys and values to associate with the resource.  You can associate tag keys only, tags (key and values) only
-     *             or a combination of tag keys and tags.</p>
+     * <p>The list of tag keys and values to associate with the resource. You can associate tag
+     *             keys only, tags (key and values) only or a combination of tag keys and tags.</p>
      */
     tags: Record<string, string> | undefined;
 }
@@ -994,7 +1012,7 @@ export interface TagResourceResponse {
 }
 export interface UntagResourceRequest {
     /**
-     * <p>The ARN of the resource the tag association is removed from.  </p>
+     * <p>The ARN of the resource the tag association is removed from. </p>
      */
     resourceArn: string | undefined;
     /**
@@ -1006,52 +1024,54 @@ export interface UntagResourceResponse {
 }
 export interface CreateWorkspaceRequest {
     /**
-     * <p>Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in
-     *             other accounts in the same organization. If you specify <code>ORGANIZATION</code>, you must
-     *             specify which organizational units the workspace can access in the
-     *             <code>workspaceOrganizationalUnits</code> parameter.</p>
+     * <p>Specifies whether the workspace can access Amazon Web Services resources in this
+     *                 Amazon Web Services account only, or whether it can also access Amazon Web Services
+     *             resources in other accounts in the same organization. If you specify
+     *                 <code>ORGANIZATION</code>, you must specify which organizational units the workspace
+     *             can access in the <code>workspaceOrganizationalUnits</code> parameter.</p>
      */
     accountAccessType: AccountAccessType | string | undefined;
     /**
-     * <p>A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.</p>
+     * <p>A unique, case-sensitive, user-provided identifier to ensure the idempotency of the
+     *             request.</p>
      */
     clientToken?: string;
     /**
-     * <p>The name of an IAM role that already exists to use with Organizations to access Amazon Web Services
-     *             data sources and notification channels in other accounts in an organization.</p>
+     * <p>The name of an IAM role that already exists to use with Organizations to access Amazon Web Services data sources and notification channels in other accounts
+     *             in an organization.</p>
      */
     organizationRoleName?: string;
     /**
-     * <p>If you specify <code>SERVICE_MANAGED</code> on AWS Grafana console, Amazon Managed Grafana automatically creates
-     *             the IAM roles and provisions the permissions that the workspace needs to use
-     *             Amazon Web Services data sources and notification channels. In the CLI mode, the permissionType <code>SERVICE_MANAGED</code> will not create the IAM role
-     *             for you. The ability for the Amazon Managed Grafana to create the IAM role on behalf of the user is supported only in the
-     *             Amazon Managed Grafana AWS console. Use only the <code>CUSTOMER_MANAGED</code> permission type when creating a workspace in the CLI. </p>
-     *          <p>If you specify <code>CUSTOMER_MANAGED</code>, you will manage those roles and
-     *             permissions yourself. If you are creating this workspace in a member account of an
-     *             organization that is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services
-     *             accounts in the organization, you must choose <code>CUSTOMER_MANAGED</code>.</p>
-     *          <p>For more information, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html">Amazon Managed Grafana permissions and policies for
-     *             Amazon Web Services data sources and notification channels</a>.</p>
+     * <p>When creating a workspace through the Amazon Web Services API, CLI or Amazon Web Services CloudFormation, you must manage IAM roles and provision the
+     *             permissions that the workspace needs to use Amazon Web Services data sources and
+     *             notification channels.</p>
+     *          <p>You must also specify a <code>workspaceRoleArn</code> for a role that you will
+     *             manage for the workspace to use when accessing those datasources and notification
+     *             channels.</p>
+     *          <p>The ability for Amazon Managed Grafana to create and update IAM roles on
+     *             behalf of the user is supported only in the Amazon Managed Grafana console, where this value
+     *             may be set to <code>SERVICE_MANAGED</code>.</p>
+     *          <note>
+     *             <p>Use only the <code>CUSTOMER_MANAGED</code> permission type when creating a
+     *                 workspace with the API, CLI or Amazon Web Services CloudFormation. </p>
+     *          </note>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html">Amazon Managed Grafana
+     *                 permissions and policies for Amazon Web Services data sources and notification
+     *                 channels</a>.</p>
      */
     permissionType: PermissionType | string | undefined;
     /**
-     * <p>The name of the CloudFormation stack set to use to generate IAM roles
-     *             to be used for this workspace.</p>
+     * <p>The name of the CloudFormation stack set to use to generate IAM
+     *             roles to be used for this workspace.</p>
      */
     stackSetName?: string;
     /**
-     * <p>Specify the Amazon Web Services data sources that you want to be queried in this
-     *             workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these
-     *             sources. You must still add them as data sources in the Grafana console in the
-     *             workspace.</p>
-     *          <p>If you don't specify a data source here, you can still add it as a data source in the
-     *             workspace console later. However, you will then have to manually configure permissions for
-     *             it.</p>
+     * <p>This parameter is for internal use only, and should not be used.</p>
      */
     workspaceDataSources?: (DataSourceType | string)[];
     /**
-     * <p>A description for the workspace. This is used only to help you identify this workspace.</p>
+     * <p>A description for the workspace. This is used only to help you identify this
+     *             workspace.</p>
      *          <p>Pattern: <code>^[\\p{L}\\p{Z}\\p{N}\\p{P}]{0,2048}$</code>
      *          </p>
      */
@@ -1061,9 +1081,10 @@ export interface CreateWorkspaceRequest {
      */
     workspaceName?: string;
     /**
-     * <p>Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these
-     *             data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow
-     *             Amazon Managed Grafana to use these channels.</p>
+     * <p>Specify the Amazon Web Services notification channels that you plan to use in this
+     *             workspace. Specifying these data sources here enables Amazon Managed Grafana to create
+     *                 IAM roles and permissions that allow Amazon Managed Grafana to use these
+     *             channels.</p>
      */
     workspaceNotificationDestinations?: (NotificationDestinationType | string)[];
     /**
@@ -1072,15 +1093,16 @@ export interface CreateWorkspaceRequest {
      */
     workspaceOrganizationalUnits?: string[];
     /**
-     * <p>The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the
-     *             workspace will view data from. If you already have a role that you want to use, specify it here.  The permission type should be set to  <code>CUSTOMER_MANAGED</code>.</p>
+     * <p>Specified the IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from, including both data
+     *             sources and notification channels. You are responsible for managing the permissions
+     *             for this role as new data sources or notification channels are added. </p>
      */
     workspaceRoleArn?: string;
     /**
-     * <p>Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to authenticate
-     *             users for using the Grafana console within a workspace. For more information,
-     *             see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html">User authentication in
-     *                 Amazon Managed Grafana</a>.</p>
+     * <p>Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to
+     *             authenticate users for using the Grafana console within a workspace. For more
+     *             information, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html">User authentication in
+     *                     Amazon Managed Grafana</a>.</p>
      */
     authenticationProviders: (AuthenticationProviderTypes | string)[] | undefined;
     /**
@@ -1088,13 +1110,14 @@ export interface CreateWorkspaceRequest {
      */
     tags?: Record<string, string>;
     /**
-     * <p>The configuration settings for an Amazon VPC that contains data sources
-     *             for your Grafana workspace to connect to.</p>
+     * <p>The configuration settings for an Amazon VPC that contains data sources for
+     *             your Grafana workspace to connect to.</p>
      */
     vpcConfiguration?: VpcConfiguration;
     /**
-     * <p>The configuration string for the workspace that you create. For more information
-     *             about the format and configuration options available, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html">Working in your Grafana workspace</a>.</p>
+     * <p>The configuration string for the workspace that you create. For more information about
+     *             the format and configuration options available, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-configure-workspace.html">Working in your Grafana
+     *                 workspace</a>.</p>
      */
     configuration?: __LazyJsonString | string;
     /**
@@ -1183,8 +1206,8 @@ export interface WorkspaceSummary {
     name?: string;
     /**
      * <p>The Amazon Web Services notification channels that Amazon Managed Grafana can automatically
-     *             create IAM roles and permissions for, which allows Amazon Managed Grafana to use
-     *             these channels.</p>
+     *             create IAM roles and permissions for, which allows Amazon Managed Grafana to
+     *             use these channels.</p>
      */
     notificationDestinations?: (NotificationDestinationType | string)[];
     /**
@@ -1192,8 +1215,8 @@ export interface WorkspaceSummary {
      */
     status: WorkspaceStatus | string | undefined;
     /**
-     * <p>A structure containing information about the authentication methods used in
-     *             the workspace.</p>
+     * <p>A structure containing information about the authentication methods used in the
+     *             workspace.</p>
      */
     authentication: AuthenticationSummary | undefined;
     /**
@@ -1203,7 +1226,8 @@ export interface WorkspaceSummary {
 }
 export interface ListWorkspacesResponse {
     /**
-     * <p>An array of structures that contain some information about the workspaces in the account.</p>
+     * <p>An array of structures that contain some information about the workspaces in the
+     *             account.</p>
      */
     workspaces: WorkspaceSummary[] | undefined;
     /**
@@ -1213,46 +1237,55 @@ export interface ListWorkspacesResponse {
 }
 export interface UpdateWorkspaceRequest {
     /**
-     * <p>Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in
-     *             other accounts in the same organization. If you specify <code>ORGANIZATION</code>, you must
-     *             specify which organizational units the workspace can access in the
-     *             <code>workspaceOrganizationalUnits</code> parameter.</p>
+     * <p>Specifies whether the workspace can access Amazon Web Services resources in this
+     *                 Amazon Web Services account only, or whether it can also access Amazon Web Services
+     *             resources in other accounts in the same organization. If you specify
+     *                 <code>ORGANIZATION</code>, you must specify which organizational units the workspace
+     *             can access in the <code>workspaceOrganizationalUnits</code> parameter.</p>
      */
     accountAccessType?: AccountAccessType | string;
     /**
-     * <p>The name of an IAM role that already exists to use to access resources through Organizations.</p>
+     * <p>The name of an IAM role that already exists to use to access resources
+     *             through Organizations. This can only be used with a workspace that has the
+     *             <code>permissionType</code> set to <code>CUSTOMER_MANAGED</code>.</p>
      */
     organizationRoleName?: string;
     /**
-     * <p>If you specify <code>SERVICE_MANAGED</code>, Amazon Managed Grafana automatically creates
-     *             the IAM roles and provisions the permissions that the workspace needs to use
-     *             Amazon Web Services data sources and notification channels.</p>
-     *          <p>If you specify <code>CUSTOMER_MANAGED</code>, you will manage those roles and
-     *             permissions yourself. If you are creating this workspace in a member account of an
-     *             organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services
-     *             accounts in the organization, you must choose <code>CUSTOMER_MANAGED</code>.</p>
-     *          <p>For more information, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html">Amazon Managed Grafana permissions and policies for
-     *             Amazon Web Services data sources and notification channels</a>
+     * <p>Use this parameter if you want to change a workspace from <code>SERVICE_MANAGED</code>
+     *             to <code>CUSTOMER_MANAGED</code>. This allows you to manage the permissions that the
+     *             workspace uses to access datasources and notification channels. If the workspace is
+     *             in a member Amazon Web Services account of an organization, and that account is not
+     *             a delegated administrator account, and you want the workspace to access data sources in
+     *             other Amazon Web Services accounts in the organization, you must choose
+     *             <code>CUSTOMER_MANAGED</code>.</p>
+     *          <p>If you specify this as <code>CUSTOMER_MANAGED</code>, you must also specify a
+     *             <code>workspaceRoleArn</code> that the workspace will use for accessing Amazon Web Services
+     *             resources.</p>
+     *          <p>For more information on the role and permissions needed, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html">Amazon Managed Grafana permissions and policies for Amazon Web Services data sources
+     *             and notification channels</a>
      *          </p>
+     *          <note>
+     *             <p>Do not use this to convert a <code>CUSTOMER_MANAGED</code> workspace to
+     *                 <code>SERVICE_MANAGED</code>. Do not include this
+     *                 parameter if you want to leave the workspace as <code>SERVICE_MANAGED</code>.</p>
+     *             <p>You can convert a <code>CUSTOMER_MANAGED</code> workspace to
+     *                 <code>SERVICE_MANAGED</code> using the Amazon Managed Grafana console. For more
+     *                 information, see <a href="https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html">Managing permissions for data sources and notification channels</a>.</p>
+     *          </note>
      */
     permissionType?: PermissionType | string;
     /**
-     * <p>The name of the CloudFormation stack set to use to generate IAM roles
-     *             to be used for this workspace.</p>
+     * <p>The name of the CloudFormation stack set to use to generate IAM
+     *             roles to be used for this workspace.</p>
      */
     stackSetName?: string;
     /**
-     * <p>Specify the Amazon Web Services data sources that you want to be queried in this
-     *             workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these
-     *             sources. You must still add them as data sources in the Grafana console in the
-     *             workspace.</p>
-     *          <p>If you don't specify a data source here, you can still add it as a data source later in
-     *             the workspace console. However, you will then have to manually configure permissions for
-     *             it.</p>
+     * <p>This parameter is for internal use only, and should not be used.</p>
      */
     workspaceDataSources?: (DataSourceType | string)[];
     /**
-     * <p>A description for the workspace. This is used only to help you identify this workspace.</p>
+     * <p>A description for the workspace. This is used only to help you identify this
+     *             workspace.</p>
      */
     workspaceDescription?: string;
     /**
@@ -1264,9 +1297,10 @@ export interface UpdateWorkspaceRequest {
      */
     workspaceName?: string;
     /**
-     * <p>Specify the Amazon Web Services notification channels that you plan to use in this workspace. Specifying these
-     *             data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow
-     *             Amazon Managed Grafana to use these channels.</p>
+     * <p>Specify the Amazon Web Services notification channels that you plan to use in this
+     *             workspace. Specifying these data sources here enables Amazon Managed Grafana to create
+     *                 IAM roles and permissions that allow Amazon Managed Grafana to use these
+     *             channels.</p>
      */
     workspaceNotificationDestinations?: (NotificationDestinationType | string)[];
     /**
@@ -1275,16 +1309,16 @@ export interface UpdateWorkspaceRequest {
      */
     workspaceOrganizationalUnits?: string[];
     /**
-     * <p>The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the
-     *             workspace will view data from. If you already have a role that you want to use, specify it here. If you omit
-     *             this field and you specify some Amazon Web Services resources in <code>workspaceDataSources</code> or
-     *             <code>workspaceNotificationDestinations</code>, a new IAM role with the necessary permissions is
-     *             automatically created.</p>
+     * <p>Specifies an IAM role that grants permissions to Amazon Web Services
+     *             resources that the workspace accesses, such as data sources and notification channels.
+     *             If this workspace has <code>permissionType</code>
+     *             <code>CUSTOMER_MANAGED</code>,
+     *             then this role is required.</p>
      */
     workspaceRoleArn?: string;
     /**
-     * <p>The configuration settings for an Amazon VPC that contains data sources
-     *             for your Grafana workspace to connect to.</p>
+     * <p>The configuration settings for an Amazon VPC that contains data sources for
+     *             your Grafana workspace to connect to.</p>
      */
     vpcConfiguration?: VpcConfiguration;
     /**
@@ -1305,8 +1339,8 @@ export interface UpdateWorkspaceRequest {
     networkAccessControl?: NetworkAccessConfiguration;
     /**
      * <p>Whether to remove the network access configuration from the workspace.</p>
-     *          <p>Setting this to <code>true</code> and providing a <code>networkAccessControl</code>
-     *             to set will return an error.</p>
+     *          <p>Setting this to <code>true</code> and providing a <code>networkAccessControl</code> to
+     *             set will return an error.</p>
      *          <p>If you remove this configuration by setting this to <code>true</code>, then all IP
      *             addresses and VPC endpoints will be allowed. Standard Grafana authentication and
      *             authorization will still be required.</p>